An integrated industrial system includes a safety instrumented system which is installed in a first zone, a host system which is connected to the safety instrumented system through a network, the host system being installed in a second zone which is different from the first zone, a detector which is installed in each of the first zone and the second zone, the detector being configured to detect a cyber-attack from outside to a self-zone, and a defender configured to perform a countermeasure of restricting a communication between the first zone and the second zone or of restricting a communication in the first zone or the second zone, based on a detection result of the detector.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An integrated industrial system for a plant having a plurality of zones comprising: a safety instrumented system which is installed in a first zone and configured to certainly shut down the plant in a safe state in an emergency; a manufacturing system which is connected to the safety instrumented system through a network, the manufacturing system being installed in a second zone which is different from the first zone, the manufacturing system being established for manufacturing products in the plant efficiently; a first detector which is installed in the first zone, the first detector being configured to detect a first cyber-attack from outside of the integrated industrial system to the first zone; a second detector which is installed in the second zone, the second detector being configured to detect a second cyber-attack from outside of the integrated industrial system to the second zone; and a defender configured to perform a countermeasure of restricting a communication between the first zone and the second zone or of restricting a communication in the first zone or the second zone, based on a detection result of at least one of the first detector and the second detector, wherein the defender performs a first countermeasure of blocking power supply of a network device installed in the first zone to block the network physically in a case where the first detector detects the first cyber-attack from outside of the integrated industrial system to the first zone, wherein the defender performs a second countermeasure in a case where the second detector detects the second cyber-attack from outside of the integrated industrial system to the second zone, and wherein the first countermeasure protects the first zone from the first cyber-attack more securely than the second countermeasure.
2. The integrated industrial system according to claim 1, wherein the defender further comprises: a setter configured to specify a target and a type of the first cyber-attack based on the detection result of the first detector and the detection result of the second detector, the setter being configured to set the countermeasure in accordance with the target and the type which have been specified; and an executer configured to execute the countermeasure which has been set by the setter.
3. The integrated industrial system according to claim 2, wherein the setter is configured to set the countermeasure by using a setting list in which the target and the type of the first cyber-attack are associated with the countermeasure which should be performed in accordance with the target and the type of the first cyber-attack.
4. The integrated industrial system according to claim 1, wherein the defender is installed in the first zone in which the safety instrumented system is installed, wherein the defender is configured to obtain the detection result of the first detector and the detection result of the second detector through the network, and wherein the defender is configured to perform the countermeasure through the network.
5. The integrated industrial system according to claim 1, wherein the defender is configured to obtain the detection result of the first detector and the detection result of the second detector through a first communication line which is different from the network, and wherein the defender is configured to perform the countermeasure through a second communication line which is different from the network.
6. The integrated industrial system according to claim 5, wherein the defender is installed in the first zone, or in neither the first zone nor the second zone but in another of the plurality of zones.
7. The integrated industrial system according to claim 1, wherein the manufacturing system is a first system which includes at least one of a manufacturing execution system, a plant information management system, and a plant asset management system.
8. The integrated industrial system according to claim 7, further comprising: a second system which is installed in a third zone which is different from the second zone in which the first system is installed, the second system comprising an enterprise resource planning system.
9. The integrated industrial system according to claim 1, further comprising: a distributed control system which is installed in the first zone in which the safety instrumented system is installed, the distributed control system being configured to control industrial process implemented in a plant.
10. The integrated industrial system according to claim 9, wherein the integrated industrial system is sectioned into two or more zones, and wherein each of the two or more zones includes the distributed control system, the safety instrumented system, one of the first detector and the second detector, and the defender.
11. An integrated industrial system for a plant having a plurality of zones comprising: a first zone which comprises: a safety instrumented system for ensuring safety in operation of the plant, the safety instrumented system being configured to certainly shut down the plant in a safe state in an emergency; and a first detector configured to detect a first cyber-attack from outside of the integrated industrial system to the first zone; a second zone which comprises: a manufacturing system which is connected to the safety instrumented system through a network, the manufacturing system being established for manufacturing products in the plant efficiently; and a second detector configured to detect a second cyber-attack from outside of the integrated industrial system to the second zone; and a defender configured to restrict a communication between the first zone and the second zone or restrict a communication in the first zone or the second zone, based on a detection result of at least one of the first detector and the second detector, wherein the defender performs a first countermeasure of blocking power supply of a network device installed in the first zone to block the network physically in a case where the first detector detects the first cyber-attack from outside of the integrated industrial system to the first zone, wherein the defender performs a second countermeasure in a case where the second detector detects the second cyber-attack from outside of the integrated industrial system to the second zone, and wherein the first countermeasure protects the first zone from the first cyber-attack more securely than the second countermeasure.
12. The integrated industrial system according to claim 11, wherein the defender further comprises: a setter configured to specify a target and a type of the first cyber-attack based on the detection result of the first detector and the second detector, the setter being configured to set a countermeasure in accordance with the target and the type which have been specified; and an executer configured to execute the countermeasure which has been set by the setter.
13. The integrated industrial system according to claim 12, wherein the setter is configured to set the countermeasure by using a setting list in which the target and the type of the first cyber-attack are associated with the countermeasure which should be performed in accordance with the target and the type of the first cyber-attack.
14. The integrated industrial system according to claim 11, wherein the defender is installed in the first zone in which the safety instrumented system is installed, wherein the defender is configured to obtain the detection result of the first detector and the second detector through the network, and wherein the defender is configured to perform the countermeasure through the network.
15. The integrated industrial system according to claim 11, wherein the defender is configured to obtain the detection result of the first detector and the second detector through a first communication line which is different from the network, and wherein the defender is configured to perform the countermeasure through a second communication line which is different from the network.
16. The integrated industrial system according to claim 15, wherein the defender is installed in the first zone, or in neither the first zone nor the second zone but in another of the plurality of zones.
17. The integrated industrial system according to claim 11, wherein the manufacturing system is a first system which includes at least one of a manufacturing execution system, a plant information management system, and a plant asset management system.
18. The integrated industrial system according to claim 17, further comprising: a second system which is installed in a third zone which is different from the second zone in which the first system is installed, the second system comprising an enterprise resource planning system.
19. The integrated industrial system according to claim 11, further comprising: a distributed control system which is installed in the first zone in which the safety instrumented system is installed, the distributed control system being configured to control industrial process implemented in a plant.
20. A control method of an integrated industrial system for a plant having a plurality of zones, which comprises a safety instrumented system which is installed in a first zone and configured to certainly shut down the plant in a safe state in an emergency, and a manufacturing system which is connected to the safety instrumented system through a network, the manufacturing system being installed in a second zone which is different from the first zone, the manufacturing system being established for manufacturing products in the plant efficiently, the control method comprising: detecting, by a first detector, a first cyber-attack from outside of the integrated industrial system to the first zone, the first detector being installed in the first zone; detecting, by a second detector, a second cyber-attack from outside of the integrated industrial system to the second zone, the second detector being installed in the second zone; performing, by a defender, a countermeasure of restricting a communication between the first zone and the second zone or of restricting a communication in the first zone or the second zone, based on a detection result of at least one of the first detector and the second detector, wherein performing the countermeasure further comprises performing a first countermeasure of blocking power supply of a network device installed in the first zone to block the network physically in a case where the first detector detects the first cyber-attack from outside of the integrated industrial system to the first zone, and performing a second countermeasure in a case where the second detector detects the second cyber-attack from outside of the integrated industrial system to the second zone, and wherein the first countermeasure protects the first zone from the first cyber-attack more securely than the second countermeasure.
December 9, 2016
October 27, 2020